Setup Hydra systemd service

- run migrations before start - register systemd unit - start service - define localhost as default listening address
2022-08-16 16:22:36 +02:00 · 2022-08-16 16:22:36 +02:00 · f0d279789a
commit f0d279789a
parent 9791658838
5 changed files with 44 additions and 3 deletions
--- a/deployment/playbooks/01_install_cacert_oidc.yml
+++ b/deployment/playbooks/01_install_cacert_oidc.yml
@ -3,6 +3,13 @@
  hosts: pgsqlserver
  become: true
  pre_tasks:
    - name: Install python3-psycopg2
      ansible.builtin.package:
        name: python3-psycopg2
        state: present
  roles:
    - hydra_database
--- a/deployment/roles/hydra_server/handlers/main.yml
+++ b/deployment/roles/hydra_server/handlers/main.yml
@ -1,2 +1,7 @@
 ---
-# handlers file for roles/hydra_server
+- name: hydra_systemd_reload
  ansible.builtin.systemd:
    state: started
    name: hydra
    daemon_reload: true
    enabled: true
--- a/deployment/roles/hydra_server/tasks/main.yml
+++ b/deployment/roles/hydra_server/tasks/main.yml
@ -117,3 +117,17 @@
        content: "{{ hydra_tls.keydata }}"
  when: not use_mkcert
 - name: Run Hydra SQL migrations
  ansible.builtin.command:
    cmd: "{{ hydra_home }}/bin/hydra migrate sql --yes --read-from-env --config {{ hydra_home }}/etc/hydra.yml"
  changed_when: false
 - name: Create systemd unit file
  ansible.builtin.template:
    src: hydra.service.j2
    dest: /etc/systemd/system/hydra.service
    owner: root
    group: root
    mode: "0640"
  notify: hydra_systemd_reload
--- a/deployment/roles/hydra_server/templates/hydra.service.j2
+++ b/deployment/roles/hydra_server/templates/hydra.service.j2
@ -0,0 +1,13 @@
 [Unit]
 Description=ORY Hydra OAuth2/OpenID Connect API server
 After=network.target
 Documentation=https://www.ory.sh/docs/hydra/
 [Service]
 ExecStart={{ hydra_home }}/bin/hydra serve all --config "{{ hydra_home }}/etc/hydra.yml"
 WorkingDirectory={{ hydra_home }}
 User={{ hydra_os_user }}
 Group={{ hydra_os_group }}
 [Install]
 WantedBy=multi-user.target
--- a/deployment/roles/hydra_server/templates/hydra.yml.j2
+++ b/deployment/roles/hydra_server/templates/hydra.yml.j2
@ -1,9 +1,11 @@
 ---
 serve:
  admin:
-    host: {{ oidc_urls.hydra_admin.host }}
+    host: {{ oidc_urls.hydra_admin.address | default("localhost") }}
    port: {{ oidc_urls.hydra_admin.port | default("4445") }}
  public:
-    host: {{ oidc_urls.hydra_public.host }}
+    host: {{ oidc_urls.hydra_public.address | default("localhost") }}
    port: {{ oidc_urls.hydra_public.port | default("4444") }}
  tls:
    cert:
      path: {{ hydra_tls.cert }}